A new form of Spam | Trojan | Virus (posing as plugin installer - originated from Facebook Friend Feed)
People, there is a new attack site or link (originated from Facebook) with the following pattern (emphasize on point 3 below, posing as Flash or other Plugin installer):
- It is posted on your friend feed because one or more of your friend's PC was attacked. (BTW, it may appear on your wall, even if you didn't click - in case the compromised friend of yours has the access to post on your wall. This normally happens through tagging. When the virus posts on your friend's wall, it may also tag you. So it will appear on your wall too. So if you fear that one or some of your friends FB account is compromised, then temporarily disallow him/them to post on your wall from Facebook privacy setting)
- Once you click the link, if you're logged-in on Facebook, it will post the same crap from your profile.
- You are logged in or not, in either case, it will try to play a video after that, and after a few seconds, it will say
"Plug-in not installed, click to install plugin" - or something similar.
It looks something similar, when your browser doesn't have Flash player installed.
- When you click this, it'll download and try to install an exe file which is actually some sort of Trojan | virus.
Please don't fall into their trap, this will compromise the security of your computer & may potentially compromise security of your friends' & colleges' computer. So, don't click on crappy link | image | video on Facebook and be safe. If any link asks you to install a plugin, make sure it's from a valid & secure source. For example: Always install Flash player directly from adobe.com
I've made a habit of myself in tracking and reporting these types of spams & viruses.
However, you may or may not have the sufficient technical expertise for this. So if you are doubtful about a link, posted on your Facebook wall or Friend's feed, contact an expert you know to test the link's validity.
If you have to check for yourself, don't click, follow the instructions below (Remedy):
- Right click on the link or video or image.
- From browser context menu, select COPY LINK. (depending on the browser you are using, the context menu may be a little different, but you'll know when you see it)
- Paste the link to a different browser. Of course first make sure you or someone else is not logged-in on Facebook from that browser. Just visit Facebook home page to make sure. Only then visit the concerned link. Of course for these types of tests you can always use a fake Facebook ID, one you don't share with friends.
BTW, there is an easy way to see if some video | photo | link is a valid Facebook video | photo | link (not applicable for mobile browser). Just take your mouse pointer over the video | photo | link after the page is completely loaded, and look at your browser's status bar. (If you have no idea what a status bar is, look at the bottom left corner of your browser).
If the link is something like:
Then, most likely it is OK (with one exception though: If it takes you to a Facebook application page, and that application is asking permission for full access to your Facebook account, then you should be concerned about it)
If your status bar shows a link other than Facebook, (even though it is presenting itself as a Facebook video or photo) then avoid it. However, if the external site's link is something familiar, like YouTube, Google, BBC, CNN etc. then no problem. But make sure, it is a familiar site and not a trap.
For example, This is a YouTube link example:
But, this is not (TRAP!!!):
Be careful and be safe & secure
by Fayaz Ahmed
Leave a Reply